Security Group SANS Exposes 25 "Most Wanted" Coding Errors

Computer researchers from around thirty organizations from United States and across the world have unveiled a list of as many as 25 programming errors that could lead to some serious security threats in the year ahead.

The report, codenamed as “CWE/SANS Top 25” list, has been spearheaded by the National Security Agency, and it marked a consensus among a large number of computer scientists over some of the critical flaws in programming.

Managed by MITRE Corp. and SANS Institute, the effort was funded by National Cyber Security, a division of US Department of Homeland Security.

In addition, the report was created in conjunction with some of the big names in the tech industry, including Apple, Microsoft, Red Hat, CERT, Symantec, and Oracle, to name a few.

By exposing these key errors, the participants hope to make a nation’s highly vulnerable cyber-infrastructure more secure, as a couple of these errors had led to more than 2.5 million security infringements last year.

The list, published on SANS’ website, deals with a handful of mitigation or prevention measures for some of the core programming errors.

“Most of these errors are not well understood by programmers. Their avoidance is not widely taught by computer science programs and their presence is frequently not tested by organizations developing software for sale”, the website quoted.

Go To Page 2 for our comments and more related links

Our Comments

Having a list of the 25 most wanted errors is a great way of stomping out potentially disastrous vulnerabilities. It is quite interesting as well that SANS was able to get names like Apple and Microsoft onboard to compile the error hitlist. Let's hope that the list is continually updated.